Ukraine faces a series of potentially catastrophic cyber threats in the run-up to the 2019 presidential and parliamentary elections, former top U.S. officials said at a Kyiv event on May 24.
“Ukraine will be challenged first,” said former National Security Agency Director Keith Alexander at the panel discussion called “Cybersecurity and Disinformation in Ukraine and the West.”
Arranged by the Victor Pinchuk Foundation, the event was moderated by best-selling author and Washington Post columnist Anne Applebaum, and joined by former Estonian President Toomas Ilves and Jared Cohen, an adviser to two U.S. secretaries of state and currently an executive at a Google subsidiary.
Alexander argued that Russia would use the run-up to the March 2019 Ukrainian presidential election as both an opportunity to interfere in the country’s internal processes and as a way of testing various tactics.
The former NSA director said that the finance, energy and public sectors would be at the top of the target list.
“If you want to cause the maximum harm to this country, what you do is several things as part of a coherent strategy,” Alexander said. “That strategy is to upset the elections and cause turmoil.”
Cyber threats
What really is a cyber threat?
The term covers a broad category of events – everything from a hack which takes down a nation’s civilian electricity infrastructure to the leaking of emails showing embarrassing internal political discussions.
One of the panelists, Jared Cohen, works as CEO of Jigsaw, a Google subsidiary that develops products which counter various types of cyber threats.
Cohen linked the idea of a cyber threat with that of propaganda.
“What’s shocking all of us is this growing effort to disrupt the information state by distorting the truth, hacking the conversation and spreading disinformation,” he said.
“We still haven’t figured out how to have a conversation about the strategic nexus between cyber and geopolitics,” he added, saying that cyber attacks between states should be considered the same as their real-world analogs.
Ilves, the former Estonian president, recalled the example of Georgia in the country’s brief 2008 war with Russia, saying that the Kremlin pioneered cyber warfare tactics during the confrontation.
“In the Russia-Georgia war, the Russians would blanket an area with DDOS attacks and then bomb it,” he recalled. This tactic would deprive those in an area under attack from posting about it on social media, erasing the “digital footprint” of a given offensive before internet access could be restored.
He then compared Ukraine to the Spanish Civil War, which was used as a testing ground for Nazi Germany’s new weaponry and tactics.
“Ukraine has a lot to teach us. We should be studying you and not teaching you,” he said.
Sales pitch?
At times, it was unclear if the speakers were delivering a warning for Ukraine or a sales pitch for private cybersecurity firms.
Cohen argued that there should be “a wall between the public sector and the private sector,” calling it “a major value proposition.”
“That’s why people want technology from democratic countries and not autocratic ones,” he said. “What I look for in a country with this sharp division, where is there an opening for this symbiotic relationship.”
Alexander has faced criticism for monetizing his public service experience in part by charging as much as $1 million per month as a cybersecurity consultant and in part by filing patents based on technology related to his job in government.
He struck by far the starkest, most fear-inspiring tone of the panelists, saying at one point that Russia could inflict another Holodomor on Ukraine by destroying its infrastructure through a massive hack.
“Everything that your country runs on and depends on energy,” he said. “If the energy sector is stopped, and I believed that that would be done with a combination of cyber and physical attacks, your ability to govern this country would be significantly impacted.”
Alexander added that the solutions “start with industry. If industry can do it and share it with government, then you can solve many of the problems with privacy and civil liberties.”
“Government is normally the least secure because they don’t have the quality people to defend themselves,” Alexander opined.
Applebaum pointed out that much of the individual targeting technology which is said to interfere with democratic political systems in fact was first developed by the private sector, as part of advertising campaigns to establish the taste preferences of individual consumers.
This has created situations in which political parties can target people with an unprecedented level of detail.
“It isolates people in echo chambers,” she said.
But it was Ilves who credited Ukraine with not only being a testbed for Russian attacks, but also acting as a de facto buffer zone.
“No matter how awful something is, it must not get beyond Ukraine,” he said.